monitor remote rpm database
Mulley, Nikhil
mnikhil at corp.untd.com
Wed Dec 29 15:07:26 UTC 2004
Hi , Ed Nikhil again :)
Can you please give me some more details on tripwire..
Thanks,
Nikhil.
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com]On Behalf Of Ed Wilts
Sent: Wednesday, December 29, 2004 8:34 PM
To: General Red Hat Linux discussion list
Subject: Re: monitor remote rpm database
On Wed, Dec 29, 2004 at 08:18:41PM +0530, Mulley, Nikhil wrote:
> But how it can be spoofed , as I see that no user has write
> permissions on /var/lib/rpm Hmmmm. I know you are taking about local
> sudo users who can have anything with the system ... but what is the
> necessary change that you would suggest at /etc/sudoers file so that
> no one except genuine root has write permissions on to these files
If you don't trust the users, the sudoers file should not allow the
users to get a root shell - they should be restricted to very specific
procedures that you have audited to make sure they can't do anything
they're not supposed to do.
If you're after security auditing, the rpm database is not the right
place. If your system has been penetrated and a bad guy has taken over
your system, the rpm database is likely one of the priorities for hiding
his/her tracks.
If you really need a security audit as to what changes have happened on
the system, look at something like tripwire instead. If rpm database
listings are good enough, then rpm is certainly much simpler to work
with.
--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list